Allow TCP RSTs to make it through firewall rules.
This allows us to cleanly close apps' TCP connections when we
remove their network connectivity.
Bug: 27824851
Change-Id: I69ae0e860536139d30d14d580a36c82f79dc2f82
diff --git a/server/FirewallController.h b/server/FirewallController.h
index 3af6081..0854c20 100644
--- a/server/FirewallController.h
+++ b/server/FirewallController.h
@@ -22,6 +22,8 @@
#include <utils/RWLock.h>
+#include "NetdConstants.h"
+
enum FirewallRule { DENY, ALLOW };
// WHITELIST means the firewall denies all by default, uids must be explicitly ALLOWed
@@ -82,6 +84,9 @@
protected:
friend class FirewallControllerTest;
std::string makeUidRules(const char *name, bool isWhitelist, const std::vector<int32_t>& uids);
+ static int (*execIptables)(IptablesTarget target, ...);
+ static int (*execIptablesSilently)(IptablesTarget target, ...);
+ static int (*execIptablesRestore)(IptablesTarget target, const std::string& commands);
private:
FirewallType mFirewallType;
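Review bot: The three function pointers added after `makeUidRules` are writable static members with no comment explaining why they are pointers, who may reassign them, or what they point to by default. With `friend class FirewallControllerTest` just above, they look like test seams, but that is an inference. As declared, any derived class can repoint them for the whole process, and these are presumably the calls that apply the firewall rules. I would add a comment above them along the lines of `// Test hooks: point at the real iptables helpers by default; reassign only from unit tests.` That comment should also state what the variadic `...` arguments of `execIptables` and `execIptablesSilently` are expected to be, since the compiler cannot check them. The class body starts and ends outside this hunk, so the definitions and initial values are not visible here.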